News Main Menu

IST training to defend against Blackshades attacks

Stephanie Koons

May 28, 2014

IST training to defend against Blackshades attacks

Imagine your webcam being used as a gateway into your private life, relaying images and video without your knowledge or consent. In a recent case involving Cassidy Wolf, the reigning Miss Teen USA, Jared James Abrahams, 20, used Blackshades, a remote administration tool (RAT), to take nude photos of Wolf and others through their webcams. He then threatened to post the photos online if the girls refused to video chat with him or send more nude pictures. Abrahams was sentenced to 18 months in prison after pleading guilty to extortion and unauthorized access of a computer. This was not an isolated incident of Blackshades being used with malicious intent.

On May 19, news outlets reported that the FBI and police in several countries had arrested more than 100 people and conducted hundreds of searches in a global crackdown on hackers linked to Blackshades. Although RATs like Blackshades can have many legitimate uses, such as remote management of distributed systems in an organization, they also can be used for malicious purposes such as data theft, spying and distributed denial of service attacks.

“To put it simply, a RAT can be used to gain control of another computer through the Internet,” said Gerry Santoro, a senior lecturer at Penn State’s College of Information Sciences and Technology (IST). “The problem with any RAT comes in its usage. The authors of W32.Shadesrat sold it online for a number of years as a legitimate tool for small businesses. Alas, Blackshades chose to primarily sell the tool on forums known to be used by hackers. They were protected by this grey area.”

“The law needs to be more specific on the types of tools and who may legitimately use them,” said Santoro, who teaches in the Security and Risk Analysis (SRA) program at the College of IST. “Better defense lies in better security management and especially in user training.”

According to Santoro, there are “many tools that fall into this grey area,” which creates challenges and ethical dilemmas for the law enforcement community. The College of IST has developed a number of curricular programs to educate students not only on how these tools work but on how to combat the malicious use of them.

“Metasploit is one such tool that is both used by hackers (for bad purposes) and by security professionals for penetration testing on their systems,” he said. “We teach our students how to use Metasploit because any serious security professional needs to know how it operates. You cannot defend against a tool whose use is unknown.”

The SRA program at the College of IST offers a number of courses that address the issues of botnets and RATs, Santoro said, covering security management approaches to reduce the risk of infection, the use of pen-test/forensics tools and the legal issues involved. Santoro and Pete Forster, assistant dean for Online Programs and Professional Education at IST and a senior lecturer in SRA, are developing a course on cyber-crime and cyber-warfare that they hope to pilot in the fall 2015 semester.

In addition, the College of IST offers bachelor of science (B.S.) and associate of science (A.S.) degrees in SRA, and a Master of Professional Studies (MPS) program in Homeland Security and Cyber Forensics. The B.S., A.S. and MPS programs are offered worldwide through Penn State World Campus.

Like most forms of malware, Santoro said, Blackshades infects a computer after a user does something to allow it entry. Using a least-privilege account and better real-time anti-malware may stop it. However, he added, many newer forms of malware can modify themselves and hide from detection.

“Pretty much all of these tools exploit vulnerabilities in operating systems or applications,” Santoro said. “Better patch management will reduce their success rate. Also, training users not to follow links or open documents received via unsolicited or suspicious email will help.”

Distinguishing legitimate Blackshades users from cyber-criminals is “not a simple problem,” Santoro said. Since Blackshades and similar tools can be used for good or bad purposes, “making the tools illegal will only hamper security professionals.” The FBI, he added, used a tactic of hosting its own “hacker forum” and then watched who downloaded the software. Such a tactic could be entrapment, Santoro said, although the courts will have to decide.

In the recent crackdown, Santoro said, the FBI and other law enforcement agencies decided to cast a large net and investigate anyone they could find who had downloaded the Blackshades code -- not only those suspected of using it to break the law.

“It remains to be seen if this will hold up in court,” he said. “However, the developers and distributors took steps to associate with known hacker groups, so the case against them is likely pretty strong.”